How Ottawa revived Canada’s most controversial privacy issue

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law.

The controversial issue of lawful access rules, which address questions of police access to Internet subscriber information and the interception capabilities at Canadian telecommunications companies, has long been played down by Canadian governments.

When the policy proposals first emerged in the early 2000s, the Liberal government focused on the anti-terrorism and anti-spam benefits. Subsequent Conservative proposals promoted the ability to combat child pornography and, most recently, cyberbullying.

Story continues below advertisement

Yet when the Conservatives passed lawful access legislation in late 2014, it seemed that more than a decade of debate had delivered a typical Canadian compromise.

The new legislation eliminated liability concerns for Internet service providers that voluntarily disclose basic subscriber information and created a series of new police powers to require access to, and preservation of, digital data.

The law faced some criticism, but more contentious proposals involving mandatory warrant-less disclosure of personal information and government-prescribed surveillance capabilities for telecom networks were not included.

Moreover, the Supreme Court of Canada ruled in the R v. Spencer case in June, 2014, that there was a reasonable expectation of privacy in subscriber information such that a warrant is required for disclosure in most circumstances.

Notwithstanding the legislative resolution and renewed legal certainty, Public Safety Minister Ralph Goodale has quietly revived the lawful access debate with a public consultation that raises the prospect of new rules that would effectively scrap the 2014 compromise.

Ironically, the focus this time is the public's demand for amendments to Bill C-51, the Conservatives' anti-terrorism law that sparked widespread criticism and calls for reform during last year's election campaign.

In other words, the balance of Canadian privacy is being put at risk by a policy initiative the purports to fix privacy.

Story continues below advertisement

The Public Safety consultation skips over the years of lawful access debate by putting everything back on the table, acknowledging that the law was updated less than 24 months ago but suggesting that more change may be needed.

For example, it implies that the "lack of consistent and reliable technical intercept capability on domestic telecommunications networks" presents a risk to law-enforcement investigations.

Yet left unsaid is that the prior proposed solutions in the form of government-mandated interception capabilities were rejected because of the enormous cost, inconsistent implementation and likely ineffectiveness of standards that would exempt many smaller providers.

The consultation also renews the possibility of easier access to basic subscriber information. Even after the Spencer court decision, transparency reports from many of Canada's largest telecom companies indicate that law enforcement still regularly obtains access to subscriber information.

The current approach strikes a balance that reflects the need for access for investigative purposes and the privacy protections to which all Canadians are entitled.

The consultation hints that changes to the basic subscriber information access system are coming with an emphasis on "the needs of law enforcement and national security agencies and the impact of those measures on industry" before any reference to privacy law.

Story continues below advertisement

In fact, Mr. Goodale places another controversial issue on the policy table, noting that encryption technologies are "vital to cybersecurity, e-commerce, data and intellectual property protection, and the commercial interests of the communications industry" but lamenting that those same technologies can also be used by criminals and terrorists.

Given its widespread use and commercial importance, few countries have imposed decryption requirements. However, this year's controversy involving access to data on an Apple iPhone owned by one of the San Bernardino, Calif., shooters revived the debate over access to encrypted communications, and the consultation asks Canadians to comment on the circumstances under which law enforcement should be permitted to compel decryption.

The consultation remains open until Dec. 1, but the message from the government is clear: The cost of changing Bill C-51 comes with a significant privacy price.

The anti-terrorism provisions that sparked concern will be examined, but so too will be lawful access rules that have enormous implications for Canadian business, law enforcement and the broader public.